diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index eed9809442d22694a4834b78bf35dcb952b77bab..5d63f54dc8af7cde7ab8b97fc9546817ab5783b2 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,7 +1,10 @@
 // $Id$
-Drupal 5.13-dev, xxxx-xx-xx (development version)
+Drupal 5.13, 2008-12-10
 -----------------------
+- fixed a variety of small bugs.
+- fixed security issues, (Cross site request forgery and Cross site scripting), see SA-2008-073
+- updated robots.txt and .htaccess to match current file use.
 Drupal 5.12, 2008-10-22
 -----------------------
diff --git a/modules/filter/filter.module b/modules/filter/filter.module
index 079a0b2ff615c021be794eeca8b494f68442d453..7d64e188868ddbc6b525ea7527a9aca72d0369b0 100644
--- a/modules/filter/filter.module
+++ b/modules/filter/filter.module
@@ -709,13 +709,20 @@ function filter_list_format($format) {
 static $filters = array();
 if (!isset($filters[$format])) {
- $filters[$format] = array();
 $result = db_query("SELECT * FROM {filters} WHERE format = %d ORDER BY weight ASC", $format);
- while ($filter = db_fetch_object($result)) {
- $list = module_invoke($filter->module, 'filter', 'list');
- if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
- $filter->name = $list[$filter->delta];
- $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+ if (db_num_rows($result) == 0 && !db_result(db_query("SELECT 1 FROM {filter_formats} WHERE format = %d", $format))) {
+ // The format has no filters and does not exist, use the default input
+ // format.
+ $filters[$format] = filter_list_format(variable_get('filter_default_format', 1));
+ }
+ else {
+ $filters[$format] = array();
+ while ($filter = db_fetch_object($result)) {
+ $list = module_invoke($filter->module, 'filter', 'list');
+ if (isset($list) && is_array($list) && isset($list[$filter->delta])) {
+ $filter->name = $list[$filter->delta];
+ $filters[$format][$filter->module .'/'. $filter->delta] = $filter;
+ }
 }
 }
 }
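Review bot: The new fallback branch in filter_list_format() (modules/filter/filter.module) calls `filter_list_format(variable_get('filter_default_format', 1))` before `$filters[$format]` has been assigned, so if the configured default format is itself absent from {filter_formats} and has no filters, the call appears to recurse without terminating. I would bound it with `$default = variable_get('filter_default_format', 1);` and recurse only `if ($format != $default)`. The terminal case should fail closed rather than let text through unfiltered, and that handling lives in the caller, which is outside the hunk. The comment could also record the reason for the branch: `// An unknown format must not bypass filtering, so fall back to the default input format.` The function's return statement is outside the hunk.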
diff --git a/modules/system/system.module b/modules/system/system.module index b7f4488197edee544fab98faa47ff34594397c9f..a6cbd75493d6067ebd8f9bca73698c5c6761a835 100644 --- a/modules/system/system.module +++ b/modules/system/system.module @@ -6,7 +6,7 @@ * Configuration system that lets administrators modify the workings of the site. */ -define('VERSION', '5.13-dev'); +define('VERSION', '5.13'); /** * Implementation of hook_help(). diff --git a/update.php b/update.php index 80b445ecb6eb39b6eedd4baee210ec9a267d1511..1e4756c1b1fb98818927c8b5536866539e2a604f 100644 --- a/update.php +++ b/update.php @@ -562,10 +562,11 @@ function update_finished_page($success) { function update_info_page() { drupal_set_title('Drupal database update'); + $link = 'update.php?op=selection&token='. drupal_get_token('update'); $output = "
    \n"; $output .= "
  1. Use this script to upgrade an existing Drupal installation. You don't need this script when installing Drupal from scratch.
  2. "; $output .= "
  3. Before doing anything, backup your database. This process will change your database and its values, and some things might get lost.
  4. \n"; - $output .= "
  5. Update your Drupal sources, check the notes below and run the database upgrade script. Don't upgrade your database twice as it may cause problems.
  6. \n"; + $output .= "
  7. Update your Drupal sources, check the notes below and run the database upgrade script. Don't upgrade your database twice as it may cause problems.
  8. \n"; $output .= "
  9. Go through the various administration pages to change the existing and new settings to your liking.
  10. \n"; $output .= "
"; $output .= '

For more help, see the Installation and upgrading handbook. If you are unsure what these terms mean you should probably contact your hosting provider.

';
@@ -793,10 +794,6 @@ function update_create_cache_tables() {
 $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : '';
 switch ($op) {
- case 'Update':
- $output = update_update_page();
- break;
-
 case 'finished':
 $output = update_finished_page(TRUE);
 break;
@@ -813,10 +810,18 @@ function update_create_cache_tables() {
 $output = update_progress_page_nojs();
 break;
+ case 'Update':
+ if ($_GET['token'] == drupal_get_token('update')) {
+ $output = update_update_page();
+ break;
+ }
+ // If the token did not match we just display the default page.
 case 'selection':
- $output = update_selection_page();
- break;
-
+ if ($_GET['token'] == drupal_get_token('update')) {
+ $output = update_selection_page();
+ break;
+ }
+ // If the token did not match we just display the default page.
 default:
 $output = update_info_page();
 break;
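Review bot: Both new checks in the update.php switch, `if ($_GET['token'] == drupal_get_token('update'))`, read `$_GET['token']` without `isset()` and compare with loose `==`, so a request that carries no token raises a notice, and two strings of numeric form can compare equal as numbers rather than as text. I would write `if (isset($_GET['token']) && $_GET['token'] === drupal_get_token('update')) {` in both the 'Update' and 'selection' cases, or use Drupal's `drupal_valid_token()` if it is available in this branch. Note also that `$op` is taken from `$_REQUEST` while the token is accepted only from the query string, so the POSTed 'Update' form has to carry the token in its action URL; that form is outside these hunks. The switch statement opens and closes outside the hunk.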